Skip to content
David Bertoldi edited this page Feb 18, 2021 · 6 revisions

scrypt is a password-based key derivation function created by Colin Percival, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory.

📑 Define scrypt parameters

scrypt accepts 4 parameters: the work factor which defines the CPU/memory cost, the resources which fine-tunes sequential memory read size and performance, the parallelisation level and the desired key length.

Name Default value Properties Description
Work factor (N) 32768 hash.scrypt.workfactor Defines the CPU/memory cost. Must be a power of 2.
Resources (r) 8 hash.scrypt.resources Defines the size of memory blocks.
Parallelisation (p) 1 hash.scrypt.parallelization Defines the cost of parallelisation for an attacker.
Output length 64 hash.scrypt.derivedKeyLength Defines the desired length of the final derived key

You can define a singleton custom scrypt function by calling ScryptFunction.getInstance(int, int, int, int) or ScryptFunction.getInstance(int, int, int)

SCryptFunction scrypt = SCryptFunction.getInstance(16384, 8, 2, 128);

In this case you have created a singleton instance which uses a work factor of 214, with 8 bytes memory blocks, a parallelisation cost of 2 and that produces a 128 bytes derived key.

Alternatively if you have defined the parameters in the file

SCryptFunction scrypt = AlgorithmFinder.getSCryptInstance();

#️⃣ How to hash passwords

Hashing passwords with scrypt can be done quite easily.

Hash hash = Password.hash(plainTextPassword).withSCrypt();

hash.getResult(); // $s0$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==

This approach takes the parameters from file (like AlgorithmFinder.getSCryptInstance()). However it's possible to use user-defined parameters as we saw previously

SCryptFunction myScrypt = SCryptFunction.getInstance(16384, 8, 2, 128);


Add salt

You have two way to define the cryptographic salt.


Method addSalt(String) make you define the intended salt.

Hash hash = Password.hash(plainTextPassword).addSalt("a1b2c3d4").withSCrypt();

For security reasons, the salt must never be the same.


Method addRandomSalt(int) adds a random generated salt with a defined length (in bytes)

Hash hash = Password.hash(plainTextPassword).addRandomSalt(42).withSCrypt();

Alternatively, you can use addRandomSalt() (no arguments) to define a random salt of 64 bytes

Hash hash = Password.hash(plainTextPassword).addRandomSalt().withSCrypt();

Add pepper

Method addPepper(CharSequence) make you define the intended pepper.

Hash hash = Password.hash(plainTextPassword).addPepper("AlicePepper").withSCrypt();

Alternatively you can define the pepper in the file at the property global.pepper

Hash hash = Password.hash(plainTextPassword).addPepper().withSCrypt();

The pepper is always prepended.

✔️ How to check the hash

Ideally the hash is retrieved from the database. Once retrieved you can check the user-provided passwords against the hash from your database. The salt is always encoded within the hash.

String hashFromDB = getHashFromDatabase(user);

boolean verified = Password.check(userProvidedPassword, hashFromDB).withSCrypt();

The parameters used are taken from your file. Alternatively you can define your own parameters

String hashFromDB = getHashFromDatabase(user);

SCryptFunction myScrypt = SCryptFunction.getInstance(16384, 8, 2, 128);

boolean verified = Password.check(userProvidedPassword, hashFromDB).with(myScrypt);

🔄 How to update the hash

If you want to migrate your cryptographic hashes from the original configuration to a more secure one, you can refresh them during the first user login.

String hashFromDB = getHashFromDatabase(user);

SCryptFunction myScrypt = SCryptFunction.getInstance(16384, 8, 2, 128);

HashUpdate update = Password.check(userProvidedPassword, hashFromDB)

    Hash newHash = update.getHash();
    storeNewHash(user, newHash.getHash());

You can switch to any other hashing function offered by Password4j (for example Argon2)

PBKDF2Function oldFunction = AlgorithmFinder.getSCryptFunction();
Argon2Function newFunction = AlgorithmFinder.getArgon2Function();

HashUpdate update = Password.check(userProvidedPassword, hashFromDB)
                            .addNewRandomSalt().with(oldFunction, newFunction);

Password4j documentation

Clone this wiki locally